
Information Security

Information Security. Zero to 60 in 10 Years. Howard Muffler, Information Security Officer Joseph Progar, Information Security Analyst Embry-Riddle Aeronautical University. BUSINESS IMPERATIVES. Past: Business Imperatives. Create a “Web Presence” Convey information


Presentation Transcript


  1. Information Security. Zero to 60 in 10 Years
     Howard Muffler, Information Security Officer
     Joseph Progar, Information Security Analyst
     Embry-Riddle Aeronautical University

  2. BUSINESS IMPERATIVES

  3. Past: Business Imperatives
     • Create a “Web Presence”
     • Convey information
     • Market to current and prospective customers
     • Expand research capabilities
     • Explore new markets – local to global
     • Reach a wider audience
     • Defend against competitors
     • Enhance student life

  4. Past: Business Imperatives
     • Develop online classes and classrooms
     • Transition IT from service provider to business driver
     • Security imperatives growing as well:
     • Pay more attention to information protection!
     • Recognize the Internet as a dangerous place

  5. Present: Business Imperatives
     • Internet = Requisite business tool
     • Anytime
     • Anywhere
     • Empower constituents
     • More Self-Services
     • More communication and collaboration
     • Continue to innovate – expand markets further
     • Think like an entrepreneur – act like a business

  6. Present: Business Imperatives
     • Security is a bigger concern than ever
     • Don’t end up “In the News” (involuntarily)
     • Understand risks; mitigate vulnerabilities
     • Formalize security responsibility and functions
     • Ensure legal and regulatory compliance

  7. Future: Business Imperatives
     • Continue expansion in global markets
     • Deliver product anytime and anywhere
     • Expand brand recognition
     • Concentrate on niche competencies

  8. Future: Business Imperatives
     • Security will continue to be critical
     • Imbed awareness into organization culture
     • Provide security which doesn’t conflict with education, productivity, & job responsibilities
     • Preserve constituent privacy
     • Ensure continued legal and regulatory compliance

  9. ATTACKS

  10. Past: Attackers and their Motives
      Attacker
      • Researchers
      • Teenagers
      Motivation
      • Proof of Concept
      • Fame / Infamy

  11. Past: Common Attacks
      • Viruses
      • Worms
      • Trojans
      • DOS
      • Web defacement
      • Scanning
      • Sniffing

  12. Present: Attackers and their Motives
      Attacker
      • Well educated individuals
      • Organized crime
      Motivation
      • Money
      • Power

  13. Present: Common Attacks
      • Viruses, Worms, Trojans
      • Root Kits
      • Bot Nets
      • Key loggers
      • DDOS
      • Phishing

  14. Future: Attackers and their Motives
      Attacker
      • Well educated criminals
      • Ideologies and Businesses
      Motives
      • Money
      • Politics

  15. Future: Common attacks
      • Viruses, Worms, Trojans
      • Bot Nets
      • Blended threats
      • Encryption
      • Holding data hostage

  16. NETWORK

  17. Past: Network

  18. Present: Network

  19. Present: Network Defense in Depth

  20. Future: Network

  21. ERAU SECURITY RESPONSE

  22. Past: Security Response
      • Moving away from Laissez Faire (B.I.)
      • Early safeguards mostly afterthoughts
      • Focused on virus protection and basic network security (perimeter protection)
      • Equipment misuse > info protection
      • SPAM threat not yet fully appreciated
      • Y2K = Resource hog

  23. Past: Security Response
      • Higher Ed = Prime hacker target (why?)
      • “Selling” security to upper management
      • Growing appreciation of “Insider” threat
      • Virus concerns = “Trio of Trouble” Plus Stronger efforts re: Regulatory compliance

  24. Present: Security Response
      • Formalization of security responsibilities
      • Creation of formal policies and procedures
      • Creation/expansion of education and awareness programs
      • IT leadership in incident response
      • First formal Risk Assessment study

  25. Future: Security Response
      • Continue to view security holistically
      • Expand policies and procedures (ISO)
      • Address new “compliance hammers”
      • Formalize incident response – Not just IT
      • Repeat Risk Analysis regularly
      • Implement security measures which don’t just target specific vulnerabilities (adaptive, heuristic)

  26. Five Steps to an Effective Information Security Program
      • Get Upper Management Support
      • Start Small
      • Adopt a Multilayered Approach
      • Keep Security Flexible
      • Improve Continuously

  27. Thank You! Q & A
